NTLM Backward Compatibility Security Issues
teancum144
Member Posts: 229 ■■■□□□□□□□
in Security+
Darril Gibson's book indicates that, "While NTLMv1 and NTLMv2 provide improvements over LANMAN, a significant vulnerability exists in systems before Windows Vista ... LANMAN is still enabled by default on older systems. When it is enabled, these systems use the LANMAN hash for backward compatibility, in addition to the more secure NTLMv2."
When it says, "in addition to the more secure NTLMv2", does it mean "instead of" or that some how both are used simultaneously?
When it says, "in addition to the more secure NTLMv2", does it mean "instead of" or that some how both are used simultaneously?
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post.
Comments
-
Darril Member Posts: 1,588Both are used simultaneously unless LANMAN is disabled.
From a security perspective, an important point that administrators must consider is that just because NTLMv2 is enabled, it doesn't necessarily mean that LANMAN is disabled and passwords can be easily discovered.
It's an old issue, but there are still a lot of Windows XP systems operating. Then again, even in newer systems running NTLMv2, if an attacker has unrestricted access to the database, it's just a matter of time before they can discover the passwords.
Hope this helps.